INFORMATION ON THE PROCESSING OF PERSONAL DATA
This information is given, in compliance with Article 13 of EU Regulation 2016/679 (GDPR) and with Italian Legislative Decree 196/2003 modified by Italian Legislative Decree 101/2018, to the users interacting with the web services of Apinox Srl, which can be accessed from any computer at the following address: www.apinox.it, which is the main page of the website.
This information only describes how the official website of the company is managed, but not other external websites which can be consulted by the user through links.
Further information could be provided inside different access channels, divided according to the subject matter. Other information could be found inside the website in relation to specific services.
Data controller: Apinox Srl Via Bradolini, 21 - Castello Roganzuolo - 31020 S.Fior (TV)
Contact details: apinox@apinox.it
|
Purposes of the processing |
Legal basis of the data processing |
Data retention period |
|
For accounting-administrative activities and in compliance with legal obligations, regulations and applicable national and supranational legislation.
|
Necessity to comply with legal obligations. |
Contractual duration and, after its termination, for the ordinary prescription period equal to 10 years. |
|
If necessary, to ascertain, exercise and safeguard the rights of the Data Controller in court. |
Legitimate interest |
For the entirety of its duration, until the end of the legal periods during which it is possible to contest the litigation sentence. |
|
Possible contact request and sending of information requested by users
|
Performance of a contract of which the interested user is part or performance of pre-contractual measures at the data subject request (art. 6(1)(b) of the Regulation). |
The time necessary to give a feedback. |
|
After the a.m. retention times, the Data will be destroyed, deleted or made anonymous, according to the technical procedures of removal and backup. |
||
Type of Processed Data and Collection Methods
Navigation Data - Log files
It is possible to access the website without the user being asked to provide any personal data. During their normal operation, the computer systems and the applications dedicated to the functioning of this website detect some data (the transmission of which is implicit in the use of Internet communication protocols) that are not associated with directly identifiable users. The collected data include the IP addresses of the users connecting to the website, the addresses of the requested resources in URI/URL (Uniform Resource Identifier/Locator) notation, the time of the request, the numerical code indicating the status of the response given by the server (good end, error, etc.) and other parameters regarding the operational system and the user’s computer environment.
This is information that does not provide personal data of the user and that is not collected to be associated with identified data users. It is technical / computer data collected and used in an aggregate and anonymous way for the purpose of verifying the correct functioning and monitor the security of the website, of improving the quality of the service and providing statistics concerning the use of the website and of being able to ascertain the responsibility in case of hypothetical computer crimes against the website.
Data provided voluntarily by the user
The elective, explicit and voluntary sending of messages to the contact details addresses, as well as the filling in and the sending of the modules in the website of the Controller, entails the acquisition of the contact details of the sender and of all the personal data included in the communications, which are necessary in order to reply to the requests and/or provide the requested service. However, it ensures that this processing will be based on principles of correctness, lawfulness, transparency and protection of confidentiality as indicated in the GDPR. In any case, before proceeding with the activation of a certain service, adequate information will be provided and, when necessary, the relative consent to the processing of personal data will be acquired. This consent may be revoked at any time, causing the use of the service in question to be forfeited.
The lack of consent or revocation of the same does not imply any consequence, except for the impossibility of using the website and / or receiving the requested service or obtaining more detailed information about the activities of the Company.
In any case, if necessary, the processing of personal data may be carried out for the pursuit of a legitimate interest of the Controller or on the basis of a legal obligation. In particular, obtaining the consent for the processing referred to in the previous point regarding navigation and log data is not necessary, as the data are treated as responding to a legitimate interest (Recital 47 of the GDPR).
Supply of data
Besides what has already been specified about navigation data, the supply of personal data by the interested party for the purposes described in the previous paragraph is to be considered optional. Failure to provide data may make it impossible to use certain services provided by the website.
Methods of data processing
Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they are collected, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR and in compliance with the mandatory time limits prescribed by law. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
Communication and / or Disclosure of Data
Users’ data, which are subject to processing, will not be disclosed but may be transmitted to companies contractually linked to the company, in accordance with and within the limits of the GDPR. The personal data will be stored in servers placed in the European Union. It is understood that, if necessary, the Data Controller can move the servers also outside the EU GDPR. In such case, the Data Controller guarantees that the transfer of the data outside the EU, subject to drafting of the standard agreement clauses established by the European Commission, will happen according to the relevant legal provisions and the user will be informed about it.
The data can be transmitted to third parties of the following categories:
The individuals belonging to the aforementioned categories are either to carry out the duties of external data processing managers, or to work completely independently as data processing officers in their own right. The list of these individuals is constantly updated and is available at the site of the company. Any further communication and disclosure will be subject to the user’s explicit approval.
Possible Existence of an Automated decision-making process
The Data Controller informs the involved users that in this website there is no automated decision-making process, therefore there is no profiling system.
Minors
This website is not intended for persons under the age of 16 and the Data Controller does not intentionally collect personal information on minors. In the event that information on minors were unintentionally registered, the Data Controller will delete them in a timely manner at the request of the users.
Rights of the data subject
The data subjects have the right to request information from the company regarding the processing of personal data by email at: privacy@apinox.it.